From afd7aa6261274db0cf57ee6e23f18779fc6c5ab4 Mon Sep 17 00:00:00 2001 From: Pulumi Bot <30351955+pulumi-bot@users.noreply.github.com> Date: Fri, 28 Jun 2024 22:42:15 -0700 Subject: [PATCH] Update GitHub Actions workflows. (#537) This PR was automatically generated by the update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt repo, from commit 57219950805273c97b591da6e009acfbf6a74430. --- .github/workflows/master.yml | 62 ++-------- .github/workflows/prerelease.yml | 102 +-------------- .github/workflows/publish.yml | 178 +++++++++++++++++++++++++++ .github/workflows/release.yml | 133 +------------------- .github/workflows/verify-release.yml | 5 + 5 files changed, 202 insertions(+), 278 deletions(-) create mode 100644 .github/workflows/publish.yml diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index d7bbabf0..53542a7d 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -92,63 +92,16 @@ jobs: - prerequisites - test - license_check - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: keycloak@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - 60m0s - version: latest - - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.19 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + skipGoSdk: true tag_release_if_labeled_needs_release: name: Tag release if labeled as needs-release - needs: publish_sdk + needs: publish runs-on: ubuntu-latest steps: - name: check if this commit needs release @@ -222,6 +175,7 @@ jobs: - java name: master on: + workflow_dispatch: {} push: branches: - master diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 2d6987f9..47609447 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -55,89 +55,12 @@ jobs: - prerequisites - test - license_check - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: keycloak@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout - 60m0s - version: latest - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.19 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} - publish_go_sdk: - name: publish_go_sdk - needs: - - prerequisites - - publish_sdk - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace }}/sdk/ - - name: Uncompress Go SDK - run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C - ${{ github.workspace }}/sdk/go - shell: bash - - uses: pulumi/publish-go-sdk-action@v1 - with: - repository: ${{ github.repository }} - base-ref: ${{ github.sha }} - source: sdk - path: sdk - version: ${{ needs.prerequisites.outputs.version }} - additive: false - # Avoid including other language SDKs & artifacts in the commit - files: | - go.* - go/** - !*.tar.gz + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: true + test: name: test needs: @@ -195,19 +118,6 @@ jobs: - dotnet - go - java - verify-release: - name: verify-release - needs: - - prerequisites - - publish - - publish_sdk - - publish_go_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ needs.prerequisites.outputs.version }} - # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. - enableMacosRunner: false name: prerelease on: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..6ed6d042 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,178 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +name: Publish + +on: + workflow_call: + inputs: + version: + required: true + type: string + isPrerelease: + required: true + type: boolean + skipGoSdk: + default: false + type: boolean + description: Skip publishing & verifying the Go SDK + +env: + IS_PRERELEASE: ${{ inputs.isPrerelease }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + KEYCLOAK_CLIENT_ID: terraform + KEYCLOAK_CLIENT_SECRET: 884e0f95-0f42-4a63-9b1f-94274655669e + KEYCLOAK_PASSWORD: password + KEYCLOAK_URL: http://localhost:8080 + KEYCLOAK_USER: keycloak + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + publish: + name: publish + runs-on: ubuntu-latest + steps: + - name: Validate prerelease + if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+')) + run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1 + - name: Validate skipGoSdk + if: inputs.skipGoSdk && inputs.isPrerelease == false + run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@v1.3.1 + with: + # this might remove tools that are actually needed, + # if set to "true" but frees about 6 GB + tool-cache: false + swap-storage: false + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-external-id: upload-pulumi-release + role-session-name: keycloak@githubActions + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Run GoReleaser + if: inputs.isPrerelease == false + uses: goreleaser/goreleaser-action@v5 + env: + GORELEASER_CURRENT_TAG: v${{ inputs.version }} + PROVIDER_VERSION: ${{ inputs.version }} + with: + args: -p 3 release --rm-dist --timeout 60m0s + version: latest + - name: Run GoReleaser (prerelease) + if: inputs.isPrerelease == true + uses: goreleaser/goreleaser-action@v5 + env: + GORELEASER_CURRENT_TAG: v${{ inputs.version }} + PROVIDER_VERSION: ${{ inputs.version }} + with: + args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout + 60m0s + version: latest + + publish_sdk: + name: publish_sdk + needs: publish + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools + with: + tools: pulumictl, pulumicli, go, node, dotnet, python, java + - name: Publish SDKs + uses: pulumi/pulumi-package-publisher@v0.0.19 + with: + sdk: all + version: ${{ inputs.version }} + - name: Download Go SDK + uses: ./.github/actions/download-sdk + with: + language: go + - uses: pulumi/publish-go-sdk-action@v1 + if: inputs.skipGoSdk == false + with: + repository: ${{ github.repository }} + base-ref: ${{ github.sha }} + source: sdk + path: sdk + version: ${{ inputs.version }} + additive: false + # Avoid including other language SDKs & artifacts in the commit + files: | + go.* + go/** + !*.tar.gz + create_docs_build: + name: create_docs_build + needs: publish_sdk + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + runs-on: ubuntu-latest + steps: + - name: Dispatch Metadata build + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: pulumi/registry + event-type: resource-provider + client-payload: |- + { + "project": "${{ github.repository }}", + "project-shortname": "keycloak", + "ref": "${{ github.ref_name }}" + } + + clean_up_release_labels: + name: Clean up release labels + # Only run for non-prerelease, if the publish_go_sdk job was successful or skipped + if: inputs.isPrerelease == false + needs: create_docs_build + + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Clean up release labels + uses: pulumi/action-release-by-pr-label@main + with: + command: "clean-up-release-labels" + repo: ${{ github.repository }} + commit: ${{ github.sha }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + verify_release: + name: verify_release + needs: publish_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ inputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: ${{ inputs.isPrerelease == false }} + skipGoSdk: ${{ inputs.skipGoSdk }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5755e718..7388a7ef 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,23 +39,6 @@ jobs: with: version: ${{ needs.prerequisites.outputs.version }} - create_docs_build: - name: create_docs_build - needs: publish_go_sdk - runs-on: ubuntu-latest - steps: - - name: Dispatch Metadata build - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.PULUMI_BOT_TOKEN }} - repository: pulumi/registry - event-type: resource-provider - client-payload: |- - { - "project": "${{ github.repository }}", - "project-shortname": "keycloak", - "ref": "${{ github.ref_name }}" - } lint: name: lint uses: ./.github/workflows/lint.yml @@ -71,105 +54,11 @@ jobs: - prerequisites - test - license_check - runs-on: ubuntu-latest - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - swap-storage: false - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumictl, pulumicli, go - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-region: us-east-2 - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-duration-seconds: 7200 - role-external-id: upload-pulumi-release - role-session-name: keycloak@githubActions - role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - env: - GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} - PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} - with: - args: -p 3 release --rm-dist --timeout 60m0s - version: latest - publish_sdk: - name: publish_sdk - needs: - - prerequisites - - publish - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Setup tools - uses: ./.github/actions/setup-tools - with: - tools: pulumicli, pulumictl, go, node, dotnet, python, java - - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.19 - with: - sdk: all - version: ${{ needs.prerequisites.outputs.version }} - publish_go_sdk: - name: publish_go_sdk - needs: - - prerequisites - - publish_sdk - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Download Go SDK - uses: actions/download-artifact@v4 - with: - name: go-sdk.tar.gz - path: ${{ github.workspace }}/sdk/ - - name: Uncompress Go SDK - run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C - ${{ github.workspace }}/sdk/go - shell: bash - - uses: pulumi/publish-go-sdk-action@v1 - with: - repository: ${{ github.repository }} - base-ref: ${{ github.sha }} - source: sdk - path: sdk - version: ${{ needs.prerequisites.outputs.version }} - additive: false - # Avoid including other language SDKs & artifacts in the commit - files: | - go.* - go/** - !*.tar.gz - - clean_up_release_labels: - name: Clean up release labels - needs: create_docs_build - - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Clean up release labels - uses: pulumi/action-release-by-pr-label@main - with: - command: "clean-up-release-labels" - repo: ${{ github.repository }} - commit: ${{ github.sha }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: ./.github/workflows/publish.yml + secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} + isPrerelease: false test: name: test @@ -228,18 +117,6 @@ jobs: - dotnet - go - java - verify-release: - name: verify-release - needs: - - prerequisites - - publish - - publish_sdk - - publish_go_sdk - uses: ./.github/workflows/verify-release.yml - secrets: inherit - with: - providerVersion: ${{ needs.prerequisites.outputs.version }} - enableMacosRunner: true name: release on: diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index d635a9eb..f7784472 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -22,6 +22,11 @@ on: required: false type: boolean default: false + skipGoSdk: + description: "Skip the Go SDK verification. Defaults to 'false'. This is used when we're not publishing a Go SDK on the default branch build." + required: false + type: boolean + default: false env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}